DARE to Encrypt!

By Mike Wronski

Hackers have countless tricks for getting their hands on your confidential data. Make sure that if they reach the prize, there’s nothing they can do with it.

Criminal hacking has become a big business, and with global data approximately doubling in size every two years,¹ there’s plenty of it to exploit for financial gain. As hackers persevere and multiply, enterprises struggle to thwart their efforts with continual updates and patches to their digital fortresses.

It’s all well and good to install antivirus software and build firewalls around the personally identifiable information (PII) of customers and patients, your intellectual property (IP), and other business-confidential and competitive data. However, hackers are cunning, constantly coming up with workarounds almost as fast as you can put protections in place. They’ve succeeded, for example, using hacked or stolen user credentials, malware, social engineering, and even by physically stealing hard drives from datacenters and user PCs. 

During the COVID-19 pandemic, up to half of American workers have been working from home, which, according to the Brookings Institution,³ more than doubles the fraction who previously worked from home (at least occasionally). For companies that haven’t implemented virtual desktops for remote workers, that means more corporate data that should be protected is being stored on user PCs. Meanwhile, the global cybersecurity skills shortage surpassed four million in 2019, up from 2.93 million in 2018,² which doesn’t bode well for the good guys staying ahead of the threat curve.

Today’s situation calls for adding a measure to your cyber defenses that is often overlooked: data-at-rest encryption (DARE). When you encrypt your data, it is unusable to a hacker who manages to breach or steal a storage device.

Changing Conditions Make Encryption Attractive

Hard drive encryption has always been a good idea. Historically, however, it has tended to be a bit expensive and unwieldy, requiring businesses to invest in specialized, tamper-proof hard drives to implement it. But there are good reasons to revisit this security option now:

  • It’s become more affordable. Data encryption is now available via software using standard drives, so there’s no need to buy specialized hardware. And today’s solutions don’t cause a perceivable performance hit on data access response times.

  • It’s mandated by some compliance regulations. The Payment Card Industry Data Security Standard (PCI DSS) now requires the encryption of credit card info, not only for data in motion across wireless networks, but on hard drives and storage devices as well. The Health Insurance Portability and Accountability Act (HIPAA) requires the same for patient information. Noncompliance can result in fines, reputation damage, lawsuits, or worse.

  • It’s a recommended best practice under the International Organization for Standardization (ISO) 27001 data security standard.

  • It can be simple to do if you have the right solution. Encryption may already be available as a software configuration option, ready to turn ON. This is the case, for example, with the encryption options in our Nutanix HCI solutions.

Encrypting data in motion across the Internet using Secure Sockets Layer/Transport Layer Security (SSL/TLS) public/private key encryption algorithms has long been de rigueur. But data no longer needs protecting only when it’s on the network or moving beyond the virtual walls of the company datacenter, exposed to outsiders. Insider threats now account for more than a third of security breaches.⁴ Even failed drives in transit for recycling or thrown in the trash might be intercepted and the data on them recovered. You can’t be too careful.

Expand Your Defense-in-Depth Arsenal

If data encryption protects stored data, do we still need antivirus? Firewalls? Role-based access control and multi-factor authentication? 

Of course we do. Unfortunately, there’s no single be-all, end-all cybersecurity solution.

An encryption strategy must work with your many other defense-in-depth security measures because encrypted data is always readable by someone. Encryption provides little protection when a hacker successfully steals a privileged user’s credentials via phishing or remotely piggybacks on that user’s live connection to a server into which the correct password has already been entered.

This isn’t just about people; application access must also be considered. If an application isn’t secured and segmented, a hacker who breaches the application can gain access to the data, whether it’s encrypted or not.

Bottom line: Encrypt your data to avoid theft from drives removed from your datacenter or from breached end-user PCs, whether a drive is taken by a criminal or discarded by a legitimate user for recycling or the garbage. DARE is a useful component in a data security toolbox but must work with robust authentication, least-privilege/zero trust access controls, antivirus, and other mechanisms.

 Read more about data security and protection from malware with Nutanix on our security solutions page

 

1 IDC, “The Digital Universe of Opportunities,”
https://www.emc.com/leadership/digital-universe/2014iview/executive-summary.htm

2 (ISC)2, as reported in Info Security Magazine, November 2019,
https://www.infosecurity-magazine.com/news/cybersecurity-skills-shortage-tops/

3 The Brookings Institution, “Telecommuting Will Likely Continue Long After the Pandemic,” April 6, 2020,
https://www.brookings.edu/blog/up-front/2020/04/06/telecommuting-will-likely-continue-long-after-the-pandemic/

4 Verizon 2019 Data Breach Investigations Report,
https://enterprise.verizon.com/resources/reports/dbir/?cmp=paid_search:google:ves_us:gm:awareness&utm_medium=paid_search&utm_source=google&utm_campaign=ves_us&utm_content=gm&utm_term=awareness&gclid=CKntnIPg3OgCFSeqxQIdUoEFBw

© 2020 Nutanix, Inc. All rights reserved.